Critical changes in this release

Edit online

This topic highlights changes that are made that might impact compatibility with an earlier version in IBM Security Verify Access version 10.0.8.

Platform

  • Policy Directory Jar requires extra command-line arguments for Java17.

    To use the PD.jar utility in Java17, administrators need to explicitly permit access to internal Java classes. Administrators must add the argument --add-exports java.base/sun.security.util=ALL-UNNAMED when PD.jar is run to ensure that the utility continues to function as expected.

Advanced Access Control (AAC)

  • TOTP and HOTP QR code page

    The page and API that were used to add TOTP or HOTP enrollments by QR code or text are now deactivated on fresh installations. A new advanced configuration property otp.usc.legacyBehavior can be used to re-enable the page, see Advanced configuration properties. The recommendation is to use the new OTP Enrollment mechanism instead, see Configuring an OTP enrollment mechanism.

  • Update to validation of FIDO Metadata documents

    The document verification for FIDO2 metadata documents now requires either an AAGUID or a list of attestation certificate key identifiers, a description, and a list permitted attestation types. For more information, see Metadata.